CVE-2023-22893

Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that use AWS Cognito for authentication.

Published: Apr 19, 2023
Updated: May 10, 2024
CVE: CVE-2023-22893
GHSA: GHSA-583x-23h9-f5w7
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
@strapi / plugin-users-permissions	3.2.1	4.6.0
strapi / strapi	3.0.0	4.6.0

https://github.com/strapi/strapi/blob/v4.5.6/packages/plugins/users-permissions/server/services/providers-registry.js
https://github.com/strapi/strapi/commit/46f8f98378338f18b5c6139d0157a8f71bf4de83
https://github.com/strapi/strapi/commit/8bbbd7383a20bb7cb163c8b462baffee559e994f
https://github.com/strapi/strapi/commit/eeab43b57707d7ef275076d27be6eabc72bd71a7
https://github.com/strapi/strapi/releases
https://strapi.io/blog/security-disclosure-of-vulnerabilities-cve
https://www.ghostccamm.com/blog/multi_strapi_vulns
https://www.ghostccamm.com/blog/multi_strapi_vulns/

Vulnerability Database

CVE-2023-22893